| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Compiles, but untested otherwise. No caching.
|
|
Also, fix the namespaceMap comment.
|
|
Compiles and mounts but does nothing useful.
|
|
At least 16 bytes due to AES --> at least 22 characters in base64
|
|
Changed invalid file decoding and decryption. Function
DecryptName now shortens the filename until the filename is
decodable and decryptable. Will work with valid **and**
invalid Base64URL delimiter (valid delimiter [0-9a-zA-z_\\-].
If the filename is not decryptable at all, it returns the
original cipher name with flag suffix Changed cli tests to
generate decryptable and undecryptable file names with correct
encrypted content. Replacing #474, extends #393
|
|
As noticed by @slackner in
https://github.com/rfjakob/gocryptfs/commit/cb8872577d66ff0fc38bcd70493be06bc0f34ffa#commitcomment-39405233 ,
this is not safe.
This reverts commit cb8872577d66ff0fc38bcd70493be06bc0f34ffa.
|
|
On CIFS mounts, unix.Getdents can return sudden ENOENT
in the middle of data. This will not be reported as an error
by user space tools, so return EIO instead.
Also log it as a warning.
https://github.com/rfjakob/gocryptfs/issues/483
|
|
When filename encryption is on, we do know when we
overwrite a directory, and can clear only in this case.
sshfs-benchmark.bash: sshfs gocryptfs-on-sshfs
git init 1.74 7.80
rsync 6.19 11.63
|
|
Mkdir can not cause existing entries in the cache to go
stale. So don't clear it. Benchmark results:
sshfs-benchmark.bash: sshfs gocryptfs-on-sshfs
git init 1.65 8.74
rsync 6.09 17.54
|
|
Fixes: https://github.com/rfjakob/gocryptfs/issues/483
Related: https://github.com/golang/go/issues/38836
|
|
Looking at the dircache debug output, we see
that a "git status" workload has a very bad
cache hit rate because the entries expire or
get evicted before they can be reused.
Increase both cache size and lifetime for
a 4x speedup:
Before: 75s
After: 17s
https://github.com/rfjakob/gocryptfs/issues/410
|
|
Before:
Lookup "errno.html/1/2/3/4/5": miss
Store: "errno.html/1/2/3/4/5" fd=26 iv=21be6e083d60dcabfe7368264d5082b7
Lookup "errno.html": hit 25 6d68a16d217978915036a3bd55428ae7
Lookup "errno.html/1": hit 25 932a464c299b3430c5e55c924f98ac4d
Lookup "errno.html/1/2": hit 25 7d53348b1692d537f017bf86b3cf5feb
Lookup "errno.html/1/2/3": hit 25 2aef1c9d1ab2b55b163215053fefe703
Lookup "errno.html/1/2/3/4": hit 25 cb802be53721c46a46247c5e4e0f4ce6
Lookup "errno.html/1/2/3/4": hit 25 cb802be53721c46a46247c5e4e0f4ce6
Lookup "errno.html": hit 25 6d68a16d217978915036a3bd55428ae7
After:
Lookup "earlyoom/.git/refs" hit fd=10 dup=17 iv=6ae2cecd269a25e8d946aff6afe9b8b8
Lookup "earlyoom/.git/refs/remotes" hit fd=19 dup=17 iv=f04c2d2a5bcc33ebdeaca664859c980d
Lookup "earlyoom/.git/refs/remotes/origin" miss
Store "earlyoom/.git/refs/remotes/origin" fd=17 iv=834a64a1697c9f5705455ba6dbed22b5
Lookup "earlyoom" hit fd=7 dup=25 iv=2303a892d6e2357c483574a8070b7679
Lookup "earlyoom/.git" hit fd=11 dup=25 iv=d43ca4aff23720c57789c9f62f0aee00
Lookup "earlyoom/.git" hit fd=11 dup=25 iv=d43ca4aff23720c57789c9f62f0aee00
Lookup "earlyoom/.git/refs" hit fd=10 dup=25 iv=6ae2cecd269a25e8d946aff6afe9b8b8
Lookup "earlyoom/.git/refs/heads" hit fd=13 dup=25 iv=f9245e7c066b9adc768a1a666da9fbc8
|
|
Each file will be read and then concatenated
for the effictive password. This can be used as a
kind of multi-factor authenticiton.
Fixes https://github.com/rfjakob/gocryptfs/issues/288
|
|
We need
https://github.com/hanwen/go-fuse/commit/fd7328faf9fdf75709f7ba7df7072aaf4eeb18b3
to fix a crash reported in https://github.com/rfjakob/gocryptfs/issues/430 :
2019/10/30 17:14:16 Unknown opcode 2016
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x508d38]
This patch is only in the v2.x.x branch. Upgrade to v2, as the
old API is also supported there.
Running
git grep hanwen/go-fuse | grep -v hanwen/go-fuse/v2
to check for forgotten references comes back clean.
|
|
https://github.com/client9/misspell
|
|
The former interal ctlsock server package is renamed
to ctlsocksrv.
|
|
Wrong bit operator was used.
|
|
Also add a test for this.
Thanks @slackner for the comment.
|
|
This was committed by accident.
|
|
Gets rid of static inode number value limitations.
Fixes https://github.com/rfjakob/gocryptfs/issues/457
|
|
|
|
Adding flags allows to use inomap in reverse mode,
replacing the clunky inoBaseDirIV/inoBaseNameFile
logic that causes problems with high underlying
inode numbers ( https://github.com/rfjakob/gocryptfs/issues/457 )
Microbenchmarks (values below) show that the "SingleDev"
case is now much slower due to an extra map lookup,
but this has no visible effects in ./test.bash results,
so there was no time spent optimizing the case further.
$ go test -bench=.
goos: linux
goarch: amd64
pkg: github.com/rfjakob/gocryptfs/internal/inomap
BenchmarkTranslateSingleDev-4 18757510 61.5 ns/op
BenchmarkTranslateManyDevs-4 18061515 64.5 ns/op
PASS
ok github.com/rfjakob/gocryptfs/internal/inomap 2.467s
|
|
$ go test -bench=.
goos: linux
goarch: amd64
pkg: github.com/rfjakob/gocryptfs/internal/inomap
BenchmarkTranslateSingleDev-4 202479382 5.88 ns/op
BenchmarkTranslateManyDevs-4 16095795 71.9 ns/op
PASS
ok github.com/rfjakob/gocryptfs/internal/inomap 3.039s
|
|
The comment still mentioned CBC, which has been removed
a long time ago.
The test definition can be rewritten using slice literals,
saving sume stuttering.
|
|
We used to prefer openssl in this situation, which
used to make sense, but now Go gained an optimized
assembly implementation for aes-gcm on arm64 with
aes instructions:
root@q1:~/go/src/github.com/rfjakob/gocryptfs# ./gocryptfs -speed
gocryptfs v1.7.1-46-g73436d9; go-fuse v1.0.1-0.20190319092520-161a16484456; 2020-04-13 go1.14.2 linux/arm64
AES-GCM-256-OpenSSL 212.30 MB/s (selected in auto mode)
AES-GCM-256-Go 452.30 MB/s
AES-SIV-512-Go 100.25 MB/s
XChaCha20-Poly1305-Go 137.35 MB/s
https://github.com/rfjakob/gocryptfs/issues/452
|
|
inomap will also be used by fusefrontend_reverse
in the future. Split if off openfiletable to make
it independent.
|
|
https://github.com/rfjakob/gocryptfs/issues/452
|
|
|
|
We used to restrict setting xattrs to the "user."
namespace. I don't see a real reason for this
anymore, and it causes trouble for users who are using
acls.
Tests will be added in the next commit.
https://github.com/rfjakob/gocryptfs/issues/453
|
|
Resolves https://github.com/rfjakob/gocryptfs/issues/393
|
|
The result is counter-intuitive, so explain it here.
|
|
Now that I have discovered golang.org/x/sys/cpu and that Go
versions below 1.6 are uncommon, there was not much useful
code left in prefer_openssl.
Merge the remains into stupidgcm.
|
|
Make the logic self-contained in the new helper function.
|
|
|
|
Error from Travis CI was:
+GOOS=darwin
+GOARCH=amd64
+go build -tags without_openssl
# github.com/rfjakob/gocryptfs/internal/fusefrontend
internal/fusefrontend/fs.go:88:45: cannot use st.Dev (type int32) as type uint64 in argument to openfiletable.NewInumMap
Add uint64 to fix it.
|
|
translate inode numbers on different devices to fix
collisions.
Fixes https://github.com/rfjakob/gocryptfs/issues/435
|
|
Generates unique inode numbers for files on different
devices.
https://github.com/rfjakob/gocryptfs/issues/435
|
|
The comment is outdated, at this point, we should
really not get any errors from ReadDirIVAt.
The change is best seen when running the fsck tests. Before:
fsck: error opening dir "missing_diriv": 2=no such file or directory
After:
OpenDir "K2m0E6qzIfoLkVZJanoUiQ": could not read gocryptfs.diriv: no such file or directory
fsck: error opening dir "missing_diriv": 5=input/output error
See https://github.com/rfjakob/gocryptfs/issues/403 , where
the extra info would have been helpful.
|
|
This was meant as a way to inform the user that
something is very wrong, however, users are hitting
the condition on MacOS due to ".DS_Store" files, and
also on NFS due to ".nfsXXX" files.
Drop the whole thing as it seems to cause more pain
than gain.
Fixes https://github.com/rfjakob/gocryptfs/issues/431
|
|
Closing the fd means the inode number may be reused immediately
by a new file, so we have to get the old fileID out of the table
beforehand!
Hopefully fixes https://github.com/rfjakob/gocryptfs/issues/363
|
|
This should help debugging https://github.com/rfjakob/gocryptfs/issues/363 ,
but does no harm in normal operation as it only prints ciphertext to the log.
|
|
https://github.com/rfjakob/gocryptfs/issues/363
|
|
Found while debugging https://github.com/rfjakob/gocryptfs/pull/413
|
|
Fixes https://github.com/rfjakob/gocryptfs/issues/421
|
|
Error was
+GOOS=darwin
+GOARCH=amd64
+go build -tags without_openssl
# github.com/rfjakob/gocryptfs/internal/syscallcompat
internal/syscallcompat/unix2syscall_darwin.go:22:32: u.Atimespec undefined (type unix.Stat_t has no field or method Atimespec)
internal/syscallcompat/unix2syscall_darwin.go:23:32: u.Mtimespec undefined (type unix.Stat_t has no field or method Mtimespec)
internal/syscallcompat/unix2syscall_darwin.go:24:32: u.Ctimespec undefined (type unix.Stat_t has no field or method Ctimespec)
caused by https://github.com/golang/sys/commit/87c872767d25fb96dfe96c794fd028b38a08440b#diff-4913a9178621eadcdf191db17915fbcb
|
|
Handled the same way in GlusterFS, disorderfs, libfuse.
Fixes https://github.com/rfjakob/gocryptfs/issues/394
|
|
When we run tests as root, they will leave root-owned files
in testParentDir, which causes trouble when we run tests as
a normal user later on. Split by UID.
|
|
Makes it easier to change the name (as some people want to):
https://github.com/rfjakob/gocryptfs/issues/37
|
|
CheckTrailingGarbage was called even when "-passfile" was
used, which is stupid, and causes false positives:
https://github.com/rfjakob/gocryptfs/issues/391
(false error "Received trailing garbage after the password"
when using -passfile in .bash_profile)
Instead of trying to improve the logic to handle that case
and make everything even more complicated, delete the function.
It is unclear if actually helps in some cases, and it definitely
harms as shown by the above bug report.
|
